Browse all 15 CVE security advisories affecting nautobot. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Nautobot serves as an IPAM and DCIM platform for network infrastructure management. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and access control flaws. The platform's modular architecture introduces potential attack surfaces through plugins and APIs. While no major public security incidents have been widely documented, the 15 recorded CVEs highlight ongoing security considerations. Regular updates and hardening are recommended due to the platform's exposure to network-facing interfaces and its role in critical infrastructure management.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62607 | Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL — nautobot-app-ssotCWE-306 | 5.3 | Medium | 2025-10-22 |
This page lists every published CVE security advisory associated with nautobot. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.